Inside Internet Security: What Hackers Don't Want You To Know [Paperback]

Jeff Crume (Author)

Book Description

ISBN-10: 0201675161 | ISBN-13: 978-0201675160 | Publication Date: September 8, 2000 | Edition: 1

This book is a practical guide for anyone designing or administering a corporate or e-business network that runs across a number of platforms via the Internet. It arms systems administrators with a thorough understanding of the problems of network security and their solutions, and thus helps realize the tremendous potential of e-business. With the explosion growth of e-commerce and the opening up of corporate networks to external customers, security is now the number one issue for networking professionals. Concerns about hackers and the possible damage they can do to a business, and the potential vulnerabilities of a system can be overwhelming and can create an unhealthy business environment. However, a great deal of this is based on lack of information as to exactly how hackers approach their task, and of the exact vulnerabilities that they prey on. In this book, Jeff Crume dispels this fear by putting these threats into perspective and allowing realistic defense mechanisms to be created, to the extent that security becomes a business enabler, rather than inhibitor. Inside Internet Security describes the underlying principles that crop up again and again in hacker attacks, and then progresses to focus on lessons that can be learned, and how to protect against recurrence. Features: Practical hands-on advice on securing networked systems Security checklists for common scenarios Pointers to other detailed information sources In-depth theoretical background information Real-world Examples of actual attacks A glimpse into the future of IT security

Editorial Reviews

Review

 "This is a practical security guide for anyone building or administering a corporate network that runs across a number of platforms, via the Internet. Crume focuses on how hackers approach their work and the vulnerabilities they prey on." Computing, August 2001 

This one is a must if security is on your agenda.

nternet works, September 2001

From the Author

The more things change, the more they stay the same ... These days it seems that we are inundated with a constant stream of news about the dangers of doing business on the Internet. Whether it be a new computer virus making the rounds, compromised credit card numbers, or a vandalized web page, hacking attacks abound. The simple truth behind the headlines, however, is that most of these "new" exploits aren't really all that new after all. Most are merely a variation on a theme and, as such, could have been prevented with proven techniques and tools.

My intention in writing this book was to get to the heart of some of the most common vulnerabilities and dispel the myths that allow them to propagate. There are any number of excellent books on cryptography, firewalls, etc. already on the bookshelves and most of them provide tremendous detail, which is useful for security experts. I tried to write this book for a somewhat different audience -- IT professionals and their managers who need an understanding of the issues but who are not, themselves, security experts.

My hope is that by putting the information that is well-known to malicious hackers into the hands of the "good guys", that legitimate organizations will be better able to defend themselves from attack and that, as a result, we will all be better able to enjoy the benefits of e-business.

See all Editorial Reviews

Product Details

• Paperback: 288 pages
• Publisher: Addison-Wesley Professional; 1 edition (September 8, 2000)
• Language: English
• ISBN-10: 0201675161
• ISBN-13: 978-0201675160
• Product Dimensions: 9.1 x 7.4 x 0.6 inches
• Shipping Weight: 1.1 pounds (View shipping rates and policies)
• Average Customer Review: 3.8 out of 5 stars  See all reviews (9 customer reviews)
• Amazon Best Sellers Rank: #2,037,614 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

6 of 6 people found the following review helpful:

2.0 out of 5 stars OK overview, but better alternatives exist..., October 30, 2001

By A Customer

This review is from: Inside Internet Security: What Hackers Don't Want You To Know (Paperback)

The book offers a good overview of information security, though with a lot of "talk". I found myself scanning 75% of the paragraphs for the meat....I'm a software engineer, and have read "Secret's and Lies", which offers a much more thorough and better review of the subject. Buy it, instead. Not only will you get a better education, but you'll actually read the entire book instead of skimming most of it.

...Neither this nor "Secrets and Lies" will offer much specific information on security loopholes, i.e. how to hack or avoid being hacked. "Hacking Exposed" does that, however, and is a good read, too.

9 of 11 people found the following review helpful:

4.0 out of 5 stars The basics of computer security without the hype, November 25, 2000

By 

Charles Ashbacher (Marion, Iowa United States) - See all my reviews
(TOP 500 REVIEWER)    (VINE VOICE)    (HALL OF FAME REVIEWER)   

This review is from: Inside Internet Security: What Hackers Don't Want You To Know (Paperback)

As a new field where speed is essential and getting there first is sometimes more important than following the correct path, computing suffers from more than its share of unsubstantiated claims. However, it is a field of human endeavor like all others we engage in, which means the social laws apply here as well. The recent burst of the "Internet bubble" should have surprised no one, as it is just the basic laws of business finally asserting themselves. Since it involves humans doing things where the consequences can be very visible, it is inevitable that it will attract people who will deface or destroy something just for the attention it generates. Therefore, like all other things we do in life, it is necessary to remain wary when using the Internet, and this book generally delivers help without the hype.
When reading this book, it is clear that most of the problems involving computer security involve fundamental oversights or misfeasance on the part of someone. As I read through the examples in this book, I was reminded of the biography I read of the Nobel prize winning physicist Richard Feynman. He managed to obtain a reputation among his fellow workers as an expert safe cracker. However, as he makes quite clear when describing his life, most of this was just simple logic and luck in combination with oversight. The people around him tended to leave their combination locks on the last number, which reduced the possibilities and one time he managed to crack a safe by simply opening it, as it had not been properly latched. Some time ago, there was an announcement of a security flaw in Linux. It turned out that if some defaults were not altered after the install, it would be possible for unauthorized persons to access the system. If there is a flaw here, it is hardly a problem with Linux.
Therefore, most of the solutions presented in the book fall under the umbrella of common sense. Use "complex" passwords and don't write them down in obvious places such as in a desk drawer. Furthermore, do not give out sensitive information over the phone, which is something I preach to my young children. The recent hilarious case of Oracle operatives doing some dumpster diving outside the Microsoft offices points out that one of the most efficient security features is to destroy any paper containing sensitive information.
While most of the book is good, there was one point where I severely disagreed with the author. On page 45 there is a chart of components with 99.9% confidence of security and a computation concerning the confidence of security for ten such components as well as the hours and days of cumulative vulnerability based on these confidence levels. Granted, the author qualifies this as being merely a theoretical discussion, but it is still very misleading. Probabilities like this are most likely not additive, as following one path means the elimination of another. To say that having a component that is 99.9% secure means that it is "open" 8.8 hours of the year is simply not correct. In fact, the author does not really define precisely what is meant by a 99.9% confidence of security.
I also question one other premise of the book, namely that a hacker defacing a site is a catastrophe. What people care about is that the data inside and all critical transmissions are secure. As long as the bank vault is untouched, I am not greatly disturbed if someone spray paints the sign out front. Most web users are smart enough to appreciate this difference.
Being aware of the risks inherent in using the Internet is the most important thing you can do to cover your caboose when using it. In this book, you will learn that using the simple awareness and common sense caution that you always use when conducting business with strangers is the best approach to security on the Internet.

4 of 4 people found the following review helpful:

3.0 out of 5 stars Useful for managers/newbies, but not intermediates/experts, November 10, 2000

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Inside Internet Security: What Hackers Don't Want You To Know (Paperback)

I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I constantly search for sources of information useful to front-line security personnel, and I rate books against that standard.

"Inside Internet Security" is a book managers and new security workers would find enlightening. I would not recommend it for anyone who's been "in the trenches" for 6-12 months or more. The content can be found in many other works and I did not learn anything new, save for minor trivia, such as the fact the AS/4000 includes an integrated firewall on a separate coprocessor card (p. 84).

This does not mean the book is without merit. Its length (250 pages) will not scare readers away, and its range of topics provide a solid introduction to the security realm. Still, this book isn't really about "what hackers don't want you to know," since the material is relatively basic. Books like "Hacking Exposed" probably come closer to explaining specific techniques for penetrating networks. I'm afraid what hackers really don't want "white-hats" to know isn't in print, either on paper or on the Internet.